pkgsrc-bugs: pkg/34281: chat/irssi double-free() or free() in middle of block on MacOS X, NetBSD 4.0

Subject: pkg/34281: chat/irssi double-free() or free() in middle of block on MacOS X, NetBSD 4.0_BETA
To: None <pkg-manager@netbsd.org, gnats-admin@netbsd.org,>
From: None <jdbaker@mylinuxisp.com>
List: pkgsrc-bugs
Date: 08/25/2006 22:30:00

>Number:         34281
>Category:       pkg
>Synopsis:       chat/irssi double-free() or free() in middle of block on MacOS X, NetBSD 4.0_BETA
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Aug 25 22:30:00 +0000 2006
>Originator:     John D. Baker
>Release:        NetBSD 4.0_BETA, MacOS X 10.4.7, pkgsrc-2006Q2
>Organization:
>Environment:
NetBSD yggdrasil.cis.sac.accd.edu 4.0_BETA NetBSD 4.0_BETA (PESC430) #0: Fri Aug 25 10:55:33 CDT 2006  sysop@yggdrasil.cis.sac.accd.edu:/space/nbsd/sys/arch/i386/compile/PESC430 i386

Darwin bozmac.cis.sac.accd.edu 8.7.0 Darwin Kernel Version 8.7.0: Fri May 26 15:20:53 PDT 2006; root:xnu-792.6.76.obj~1/RELEASE_PPC Power Macintosh powerpc

>Description:
Upon exiting irssi, the following messages appear on stderr
of MacOS X (10.4.7 in this example, but similar on 10.3.9):

irssi(28653) malloc: ***  Deallocation of a pointer not malloced: 0x1bd448; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug
irssi(28653) malloc: ***  Deallocation of a pointer not malloced: 0x1bd2e0; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug
irssi(28653) malloc: ***  Deallocation of a pointer not malloced: 0x1bd368; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug
irssi(28653) malloc: ***  Deallocation of a pointer not malloced: 0x1bd3c8; This could be a double free(), or free() called with the middle of an allocated block; Try setting environment variable MallocHelp to see tools to help debug


On NetBSD/i386-4.0_BETA, the messages are not nearly as verbose:

irssi in free(): warning: modified (page-) pointer.
irssi in free(): warning: modified (page-) pointer.
irssi in free(): warning: modified (page-) pointer.

>How-To-Repeat:
Install and execute chat/irssi on MacOS X 10.3.9, 10.4.x or
NetBSD 3.99.23 (built with GCC4) or later.  Messages appear
upon exiting irssi.
>Fix:
I've been seeing this on MacOS X 10.4.x for some time.  The MallocHelp
and MallocCheckXxxxx variables don't report anything helpful.  To
compile with debug symbols, one needs to put "CFLAGS=-g" before the
make or bmake command.

I'm a newbie to gdb, so I'm still figuring it out.  Should be reported
back to the irssi author.